Martijn Visser created FLINK-29710:
--------------------------------------
Summary: Upgrade the minimal supported hadoop version to 2.10.2
Key: FLINK-29710
URL: https://issues.apache.org/jira/browse/FLINK-29710
Project: Flink
Issue Type: Technical Debt
Components: FileSystems
Reporter: Martijn Visser
Assignee: Martijn Visser
Hadoop 2.8.5 is vulnerable to multiple CVEs such as
https://nvd.nist.gov/vuln/detail/CVE-2022-25168 and
https://nvd.nist.gov/vuln/detail/CVE-2022-26612 which are classified as
Critical. While Flink is not directly impacted by those, we do see
vulnerability scanners flag Flink as being vulnerable. We could easily mitigate
that by bumping the minimal supported version of Hadoop to 2.10.2.
Please note that this doesn't break the binary protocol compatibility, which
means that a 2.10.2 client can still talk to older servers.
Discussion thread:
https://lists.apache.org/thread/tgw2dmnoxm7sdwyjohskmvpk3pdd3qvm